Pakistan, among the top 5 targets of US National Security Agency, has taken steps to secure its cyber front, said a recently published report by “The News”.
Considering the revelations made by Edward Snowden, it was established that NSA may penetrate into Pakistani cyber space again to steal sensitive data relating to Pakistan, its domestic politics, strategic and economic interests and its nuclear programs, by tapping into computer networks of Internet service providers such as email, video-sharing, voice-over-IPs, chats and social networking websites.
National Telecom & Information Technology Security Board (NTISB) has resultantly framed guidelines/techniques for protecting government business from possible hacking attempts from domestic and foreign threats.
On recommendation of NTISB, Cabinet Division has communicated the guidelines to all ministries, government divisions and departments.
“Recent wave of stealing the sensitive official data by US NSA has raised serious concerns warranting the implementation of all policies and guidelines in true letter and spirit,” the Cabinet Division noted in a letter to all ministries, departments and divisions.
“USA being the leading country in the field of communication and IT is using multiple tools mainly through electronic surveillance, ground and air intelligence platforms like satellites, recording telephonic calls, gathering public pulse through e-mails filtering, radio monitoring, communication leaks, vulnerabilities in IT based networks carrying sensitive data and other sophisticated means, covertly or overtly,” the Cabinet Division noted.
It merits mentioning here that in one of the maps revealed by Edward Snowden, based on the amount of telephone and email communication data collected by NSA, Iran was shown as the primary target, warranting 14 billion reports, followed by Pakistan (13.5 billion), Jordan (12.7 billion), Egypt (7.6 billion) and India (6.3 billion).
Keeping in view the intents of NSA, NTISB framed following guidelines:
- All government officials and officers must not use private emails (such as Gmail) for exchange of official correspondence
- Official data should not be stored/ copied on personal computers and laptops and personal USB at any cost
- Official data should not be stored/ copied on computers with internet connection
- No official/ classified information should be placed on internet by any means
- Uploading of sensitive information on social media should be avoided
- Uploading of videos and photos of official meetings should be avoided
- Downloading of software from internet should be avoided
- All government offices are supposed to get internet connections from National Telecommunication Corporation (NTC) as per policy
- Official personal computers (PCs) having sensitive data must not be provided with internet connection
- Contents placed on official websites must be properly scrutinised and approved for uploading
- Internet usage in government departments be regulated and access be provided with limited user privileges
- Internet computers be isolated and the network security must be ensured and internet provision be controlled by the highest administrative authority in the ministry, division or department.
The Security Board noted that presence of sensitive/ official data on the web had made the government official entities hostage and vulnerable to hostile ingress and sudden access by unknown intelligent IT mafias, suspected hackers as well as individual secret agents.
Misuse of this information fairly acquired from such an advanced information resource through multiple hacking techniques may invariably cause serious threats to national security.
Keeping in view the NSA’s level of deep penetration into computer and communication networks, it is assumed that above mentioned guidelines aren’t enough to safeguard our national interests.
Further hardening of our ISPs, cellular networks, telecom companies and other liaison channels is needed to cent percent protect our national secrets.
Not to mention, Android, iOS, Windows, Mac and devices of various other makes and kinds are all under NSA’s control that can communicate user data to agency’s control room without any hassle.
Definitely, there is a lot more required than just these guidelines.
Tipped by GS